Step 1: HTTPS by Default

Explain that some websites always provide a protected SSL (HTTPS) connection; for instance, all Google services offer secure HTTPS connections for the whole session, from log-in to log-out. Twitter also now has this protection by default, as does Facebook.
Sometimes, though, a website will have an SSL connection available but won’t force users to connect via HTTPS. If HTTPS isn’t forced, it’s also not always obvious that the website offers it in the first place.
To demonstrate, visit a website that provides both HTTP and HTTPS connections, but does not force that HTTPS protected connection – an illustrative and relatively well-known example is the Microsoft website:
• Visit the HTTP version of the site.
• In the URL bar, add “s” to “http://” to create an HTTPS connection; then, reload the page.
• Highlight the relevant icon – usually a small, locked padlock icon – that signals HTTPS is active.
• Remind participants that HTTPS connections are available on some websites, but not always automatically.
Mention immediately afterwards, if it has not yet been highlighted, that a browser add-on called HTTPS Everywhere can be useful in some of those cases!
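
For trainers who want to confirm before the session that a demo site still behaves as described, the following added example (not part of the original guide) classifies a site from the two responses the demonstration relies on: one fetched over HTTP and one over HTTPS. The response dictionaries, the `.example` hostnames and the result labels are assumptions made for illustration; the sample responses are constructed, not captured from real sites.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def _header(resp, name):
    """Case-insensitive header lookup; returns '' when the header is absent."""
    for key, value in resp["headers"].items():
        if key.lower() == name:
            return value
    return ""

def classify(http_resp, https_resp):
    """Classify a site from its plain-HTTP and HTTPS responses.

    Each argument is {'status': int, 'headers': dict}, or None when the
    connection on that scheme failed (hypothetical shape for this example).
    """
    if https_resp is None:
        return "http-only"
    # Strict-Transport-Security tells the browser to use HTTPS on later visits.
    hsts = bool(_header(https_resp, "strict-transport-security"))
    if http_resp is None:
        forced = True  # nothing answers on plain HTTP at all
    else:
        target = _header(http_resp, "location")
        # A relative redirect such as "/welcome" stays on HTTP, so it does not count.
        forced = (http_resp["status"] in REDIRECTS
                  and urlsplit(target).scheme.lower() == "https")
    if forced:
        return "forced+hsts" if hsts else "forced"
    return "available-not-forced"

# Constructed sample responses: (HTTP response, HTTPS response) per site.
OK = {"status": 200, "headers": {}}
SAMPLES = {
    "site-a.example": (OK, OK),
    "site-b.example": ({"status": 301, "headers": {"Location": "https://site-b.example/"}},
                       {"status": 200, "headers": {"Strict-Transport-Security": "max-age=31536000"}}),
    "site-c.example": ({"status": 302, "headers": {"location": "/welcome"}}, OK),
    "site-d.example": (OK, None),
    "site-e.example": ({"status": 301, "headers": {"Location": "https://site-e.example/"}}, OK),
}

def classify_samples():
    return {host: classify(*pair) for host, pair in SAMPLES.items()}

if __name__ == "__main__":
    for host, verdict in classify_samples().items():
        print(f"{host:16} {verdict}")
```

A site that comes back as `available-not-forced` is the kind that works for the demonstration above; one that reports `forced` or `forced+hsts` will switch to HTTPS by itself and will not show the difference.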